Security

OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security

root — Mon, 11 Aug 2008 02:26:05 -0500

These guidelines apply to all participants in the new information society and suggest the need for a greater awareness and understanding of security issues, including the need to develop a "culture of security" - that is, a focus on security in the development of information systems and networks, and the adoption of new ways of thinking and behaving when using and interacting within information systems and networks. The guidelines constitute a foundation for work towards a culture of security throughout society.

Principles of Generally Accepted Information Security Principles (GAISP)

root — Thu, 07 Aug 2008 01:46:45 -0500

GAISP is based on a solid consensus-building process that is central to the success of this approach. Principles at all levels are developed by information security practitioners who fully understand the underlying issues of the
documented practices and their application in the real world. Then, these principles will be reviewed and vetted by
skilled information security experts and authorities who will ensure that each principle is:

• Accurate, complete, and consistent
• Compliant with its stated objective
• Technically reasonable
• Well-presented, grammatically and editorially correct
• Conforms to applicable standards and guideline

What is Generally Accepted System Security Principles (GASSP/GSSP)?

root — Mon, 04 Aug 2008 21:39:13 -0500

Generally Accepted System Security Principles incorporate the consensus, at a particular time, as to the principles, standards, conventions, and mechanisms that information security practitioners should employ, that information processing products should provide, and that information owners should acknowledge to ensure the security of information and information systems.

GASSP relates to physical, technical, and administrative information security and encompasses pervasive, broad functional, and detailed security principles. GASSP nomenclature considers the terms policy, rules, procedures, and practices to relate to the organizational implementation of security. Information technology (IT) changes rapidly, and GASSP are expected to evolve accordingly. Consensus regarding accepted information security principles is achieved first within the GASSP Committee followed by international IT community review.

GAAP versus GASSP?

Download Free Antispam Service for Blogs from Six Apart

root — Sun, 13 Jul 2008 16:55:04 -0500

Six Apart, a company who makes the blogging tools islaunching a free, semi-open-source filter for blog comment spam, named TypePad AntiSpam. TypePad AntiSpam is the same antispam technology that's currently built into TypePad, but the company is making it available to all who want it, with no charge and no usage restrictions. The service is in semi-beta: "The code is not beta but the (open source framework around it) is," Six Apart CEO Chris Alden also said.

Feature:
- Use it for free. TypePad AntiSpam beta is free for any type of use, personal and commercial, regardless of how many comments you receive. Plugins are available for Movable Type and WordPress.
- Help make it better. Whenever you report unwanted comments, the TypePad AntiSpam engine learns from you, so that it can make even smarter and more effective decisions about spam in the future.

What is End Point Security?

root — Sat, 12 Jul 2008 21:44:01 -0500

Since the massive implementation of information technology, the need of proper end point security become one of the critical discussion in the company about how manage end point security effectively.

End Point Security Definition:

A strategy in which security software is distributed to end-user devices but centrally managed [searchsecurity.techtarget.com]
An information security concept that basically means that each device (end-point) is responsible for its own security [wikipedia.com]
An individual computer system or device that acts as a network client and serves as a workstation or personal computing device[endpointsecurity.org]

Example of End Point Devices:
Laptop, PCs, Handhelds, specialized equipment such as inventory scanners and point-of-sale terminals

Download Latest Free WinSCP 4.1.5

root — Sat, 12 Jul 2008 16:22:15 -0500

Download Page
filename: winscp415.exe
size: 1.3MB
website: winscp.net

WinSCP is a SFTP client and FTP client for Windows. Its main function is the secure file transfer between a local and a remote computer. It uses Secure Shell (SSH) and supports, in addition to Secure FTP, also legacy SCP protocol.

Development of WinSCP started around May 2000 and continues. Originally it was hosted by the University of Economics in Prague, where its author worked at the time. Since July 16, 2003 it is licensed under GPL and hosted on SourceForge.net.

WinSCP is based on the implementation of the SSH protocol from PuTTY and FTP protocol from FileZilla.

WinSCP is also available as a plugin for two file managers, FAR and Altap Salamander.

Internet Explorer 7.0 vs. Safari 3.0 vs. Firefox 3.0 Comparison in security perspective

root — Sat, 12 Jul 2008 16:05:34 -0500

Internet Explorer 7.0 vs. Safari 3.0 vs. Firefox 3.0 Comparison in security perspective

Criteria	Internet Explorer 7.0	Safari 3.0	Firefox 3.0
Out of the box configuration: In their own ways, all three of these browsers are delivered in an overly trusting configuration. If you’re serious about being secure in your Web browsing habits, it’s clear you’ll need to spend some time fine-tuning each of these products.	Score: D internet zone	Score: F	Score: D safe browsing
Security features: All three browsers offer some rudimentary security controls in the way of being able to allow or disallow broad categories of content, such as Javascript, Java, or ActiveX. But by default, these features are so broad in their “all or nothing” approaches as to be next to worthless.	Score: D	Score: F	Score: C
Security add-ons: the first thing to take control of in securing a browser is active content. None of the three browsers is great at that out of the box	Score: D	Score: D	Score: B
Integration with operating system: This category is not directly security-related, but it is nevertheless important in selecting a browser.	Score: A	Score: A	Score: D

Download Top Free 10 Security Tools

root — Sat, 12 Jul 2008 15:46:27 -0500

Below top 10 Security Tools, and mostly available for free that you can download for your own purpose. Whether you are an IT Security Consultant, IT Auditor or even just newbie who interested in Security. This tools is must be used for your daily security activity. This list generated from very popular website sectools.org who provide top 100 best Security Tools and others reference such as junauza.com

Nessus: Premier UNIX vulnerability assessment tool
Wireshark : Sniffing the glue that holds the Internet together
Snort : Everyone's favorite open source IDS
Netcat : The network Swiss army knife
Metasploit Framework : Hack the Planet
Hping2 : A network probing utility like ping on steroids
Kismet : A powerful wireless sniffer
Tcpdump : The classic sniffer for network monitoring and data acquisition
Cain and Abel : The top password recovery tool for Windows
John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker

Also another 10 top reference

John the Ripper, John the Ripper is a free password cracking software tool initially developed for the UNIX operating system
Nmap, Nmap is my favorite network security scanner. It is used to discover computers and services on a computer network, thus creating a "map" of the network

Nessus, Nessus is a comprehensive vulnerability scanning software. Its goal is to detect potential vulnerabilities on the tested systems

Download Free Apple Security Standard, Common Criteria Tools for 10.5

root — Fri, 11 Jul 2008 05:00:57 -0500

Common Criteria Tools is an internationally approved set of security standards for Apple computer/infrastructure which provides a clear and reliable evaluation of the security capabilities of Information Technology products. By providing an independent assessment of a products ability to meet security standards, Common Criteria gives customers more confidence in the security of Information Technology products and leads to more informed decisions.

Security-conscious customers, such as the U.S. Federal Government, are requiring Common Criteria certification as a determining factor in purchasing decisions. Since the requirements for certification are clearly established, vendors can target very specific security needs while providing broad product offerings.

The Top 5 Internal Information Technology Security Threats

root — Fri, 11 Jul 2008 02:04:41 -0500

The top five internal security threats from ITsecurity.com

1. Your Employees Are Selling You Out, Part 1
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization in an effort to gain unauthorized access to confidential data. While not exactly a new phenomenon, attacks are becoming increasingly sophisticated, according to Paul Stamp, a Forrester Research senior analyst.

“A phishing attack used to be a request from the deposed governor of Nigeria,” says Stamp. “These days, a phishing attack is almost indistinguishable from the real thing.”

The result: unwitting employees disclosing confidential information, from passwords to financial data, to ill-intentioned intruders. Unable to identify fraudulent websites and counterfeit email messages, these internal workers are essentially opening a company’s closed doors to criminals.

2. Laptops on the Loose
Accidentally bequeathing your forgotten laptop to a hotel’s cleaning staff is more than an inconvenience. According to software security firm Symantec, the theft or loss of a computer or other data-storage medium made up 54 percent of all identity theft-related data breaches in the second half of 2006.

But that’s not all. The theft or loss of a laptop can cost a company big bucks. The 2006 CSI/FBI Computer Crime and Security survey reveals that laptops and the theft of proprietary information are the third and fourth-greatest sources of respondents’ financial losses. Nevertheless, a startling 47 percent of respondents detected laptop/mobile theft last year.

3. Unintentional Access and Disgruntled Ex-Employees
One of the many perks of working for a company is the access one gains to multiple computer systems, from e-mail messaging to